GDPR Compliance

The General Data Protection Regulation (GDPR) is a European privacy and security law that came into effect on 25 May 2018. TRMS is committed to GDPR compliance and helps its customers meet their own obligations under the regulation.

For Customer Content uploaded to your TRMS workspace, you act as the data controller and TRMS acts as a data processor on your behalf. For information we collect directly from you (such as billing and account details), TRMS acts as the data controller.

The GDPR grants individuals the following rights with respect to their personal data. TRMS provides tools and support to help our customers fulfil these requests:

• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object

Where personal data is transferred outside the European Economic Area, TRMS relies on the European Commission's Standard Contractual Clauses (SCCs) and implements supplementary measures where appropriate, in line with the recommendations of the European Data Protection Board.

TRMS engages a limited set of trusted sub-processors to deliver our services. A current list is published in our DPA and we provide advance notice of any changes so customers can object if they wish.

Customers subject to the GDPR can enter into our standard Data Processing Agreement, which incorporates the SCCs by reference. The DPA is available on our DPA page.

TRMS has appointed a Data Protection Officer who is responsible for overseeing our GDPR compliance programme. You can reach the DPO at dpo@trms.co.zw.